Publication: Article on “Clouds you can trust” in IEEE Spectrum

Christian Cachin and I published an overview on trusted clouds at IEEE Spectrum:

Christian Cachin, Matthias Schunter: A Cloud You Can Trust – How to ensure that cloud computing’s problems—data breaches, leaks, service outages—don’t obscure its virtues, IEEE Spectrum, December 2011, pp 28-51.

Read it online at
http://spectrum.ieee.org/computing/networks/a-cloud-you-can-trust/0

W3C-Tracking Protection: Release of First Public Working Drafts

Today, the W3C Tracking Protection Working Group has released its First Public Working Drafts (FPWD):

“To address rising concerns about privacy on the Web, W3C publishes today two first drafts for standards that allow users to express preferences about online tracking:

These documents are the early work of a broad set of stakeholders in the W3C Tracking Protection Working Group, including browser vendors, content providers, advertisers, search engines, and experts in policy, privacy, and consumer protection. W3C invites review of these early drafts, expected to become standards by mid-2012. Read the full press release and testimonials and learn more about Privacy.”

This release has triggered an entry in IBM’s Privacy Blog as well as a series of news items. My involvement in the W3C DNT Working group is partially supported by the EU TClouds Project.

CfP: 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012)

I’ll participate in the program committee of TrustBus 2012. The Call for papers can be found at http://www.ds.unipi.gr/trustbus12/CfPTrustBus2012.pdf:

Important Dates

Submission deadline: April 6, 2012
Notification to authors: May 11, 2012
Camera-ready version: June 10, 2012

CfP: 5th International Conference on Trust and Trustworthy Computing (Trust 2012)

I’ll participate in the Program Committee of Trust 2012. The Call for Papers can be found at http://trust.sba-research.org/CFP.html (as PDF)

TRUST 2012 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems.

Important dates are

  • Submission due: 15 February 2012
  • Notification: 25 March 2012
  • Camera ready: 09 April 2012
  • Conference: 13-15 June 2012

 

CfP: 1st Workshop on Resilient Cyber-physical SystemS (ReSyS 2012)

I will participate in the program committee of the 1st Workshop on Resilient Cyber-physical SystemS:

Important Dates:

  • Paper submission: December 01, 2011
  • Notification of acceptance: December 15, 2011
  • Final paper submission: January 03, 2012
  • Workshop: February 28, 2012


CfP: 1st European Workshop on Dependable Cloud Computing (EWDCC ’12)

I’ll participate in the program committee of the 1st European Workshop on Dependable Cloud Computing (EWDCC ’12). The call for papers can be found at the .

Important dates:

  • Submission deadline: January 27, 2012
  • Author notification: March 14, 2012
  • Final version: March 20, 2012


Co-Chair of W3C Tracking Protection Standardisation Group

I’ve been invited to co-chair the Tracking Protection Working Group of the World-Wide Web Consortium.

The Tracking Protection Working Group is chartered to improve user privacy and user control by defining mechanisms for expressing user preferences around Web tracking and for blocking or allowing Web tracking elements. The group seeks to standardize the technology and meaning of Do Not Track, and of Tracking Selection Lists.

My mission as the chair is to drive the consensus-based standardisation process. My personal goal is to ensure that the privacy requirements of individuals as well as the industry requirements are met by the emerging recommendations.

Our kick-off meeting on September 21+22 in Boston, MA, managed to assemble many important stakeholders such as Apple, the Center of Democracy and Privacy, ComScore, the EFF, FTC (Ed Felten), Google, the Interactive Advertising Bureau (IAB), Microsoft, Nielsen, and Yahoo in one room.

Paper at ESORICS 2011: Automated Information Flow Analysis of Virtualized Infrastructures

Today, we received an acceptance note for our submission to ESORICS 2011:

Sören Bleikertz, Thomas Gross, Matthias Schunter, Konrad Eriksson: Automated Information Flow Analysis of Virtualized Infrastructures, European Symposium on Research in Computer Security (ESORICS 2011)

You can download the paper (PDF)

Abstract
The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly configuring virtualized cloud infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support.
We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information flow analysis based on graph traversal. The system discovers the actual configurations of diverse virtualization environments and unifies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system effectively reduces the analysis complexity for humans from checking the entire infrastructure, to checking a few well-designed trust rules on components’ information flow.

Case Study: Graph-based Model for mid-size Cloud


CCSW 2011: The ACM Cloud Computing Security Workshop (Program Committee)

I’ll participate in the Program Committee of the ACM Cloud Computing Security Workshop. Please consider submitting your latest research on cloud security.

Important Dates:

  • Submissions: July 1, 2011July 16, 2011
  • Author notification: August 4, 2010

2011-06-09 Invited Presentation at the 2011 Conference of the Swiss Telecommunications Association (ASUT)

The Swiss Telecommunications Association is a non-profit organisation that represents users and providers of telecommunication. All major Swiss telcos are members:

I gave a presentation on cloud security at the 2011 ASUT Seminar, which was held on June 09 at the Kursaal in Berne. The ASUT Seminar constitutes the #1 event for the telco industry in Switzerland.

The program can be found here, abstract here.

Enclosed is a report about the event (in German) that was broadcast by the SF Tagesschau.
Tagesschau of 09.06.2011
